Data use managing system
Abstract
[Problems] To provide a data use managing system which forces a face- to face permission by an administrator of confidential data when using the confidential data stored in mobile terminal. [Means for Solving Problems] A user mobile terminal ( 2 ) transmits a use request token for requesting a use if encrypted confidential data to an administrator mobile terminal ( 1 ) by near-distance radio communication. If the administrator of the confidential data as the user of the administrator mobile terminal ( 1 ) performs a permission operation of use of the confidential data by the use mobile terminal ( 2 ) to the administrator mobile terminal ( 1 ), the administrator mobile terminal ( 1 ) transmits a permission token indicating the permission to use the confidential data to a right managing server ( 3 ). The right managing sever ( 3 ) transmits a decryption key to the user mobile terminal ( 2 ). The user mobile terminal ( 2 ) decrypted confidential data by the received key and user the confidential data by a predetermined use method.
Claims
exact text as granted — not AI-modified1 - 17 . (canceled)
18 . A data use managing system, comprising:
a first data-use appliance comprising decryption means for decrypting encrypted data by employing a decryption key, and use request means for generating use request data for requesting permission of a use of the data, said use request data including encrypted data identification information, and transmitting it by near-distance wireless communication or causing display means to display said use request data; a second data-use appliance comprising right transfer means for receiving said use request data, and identification information transmission means for transmitting administrator identification information and the encrypted data identification information that are included in the above use request data to right management means; and the right management means comprising a database in which the decryption key, the encrypted data identification information, and the administrator identification information indicating an administrator of the encrypted data have been stored correspondingly to each other, and decryption key transmission means for transmitting the decryption key to said first data-use appliance: wherein said second data-use appliance comprises right transfer means for acquiring the above use request data from said first data-use appliance by said near-distance wireless communication means or means for optically receiving the use request data displayed in said display means, and determining whether or not to meet a transfer condition, being a condition that a right for using the use-requested data is transferred, input/output means for causing a user of said first data-use appliance to determine whether or not said first data-use appliance is permitted to use the above data, and data transmission means for transmitting transfer authorization data including the encrypted data identification information to the right management means when said right transfer means determines that said transfer condition of the right has been met, and an instruction indicating that said first data-use appliance is permitted to use the data has been inputted into said input/output means; and wherein said decryption key transmission means of said right management means, when having received said transfer authorization data, transmits the decryption key to said first data-use appliance, thereby enabling the second data-use appliance to authorize whether or not the first data-use appliance is permitted to decrypt said encrypted data only when users of the first and second data-use appliances face each other or stand close to each other.
19 . A data use managing system according to claim 18 ; wherein the decryption key, the encrypted data identification information, and the administrator identification information are stored in the database correspondingly to right definition information indicating a method of using the data;
wherein the decryption key transmission means, when having received the encrypted data identification information and the administrator identification information from the data management appliance, makes a reference to said database, and transmits the decryption key and the right definition information corresponding to said received encrypted data identification information and administrator identification information to the data use appliance; and wherein said data use appliance comprises use control means for using the data according to the use method that the received right definition information indicates.
20 . A data use managing system according to claim 18 ;
wherein the decryption key, the encrypted data identification information, and the administrator identification information are stored in the database correspondingly to right definition information indicating a method of using the data and an output destination; wherein the decryption key transmission means, when having received the encrypted data identification information and the administrator identification information from the data management appliance, makes a reference to said database, and transmits the decryption key and the right definition information corresponding to said received encrypted data identification information and administrator identification information to the data use appliance; and wherein said data use appliance comprises use control means for outputting data to the output destination that said right definition information indicates, according to the use method and the output destination that the received right definition information indicates.
21 . A data use managing system according to claim 20 ;
wherein the data use appliance comprises authentication means for authenticating a device of the output destination of the data, and outputting the data to the device of the output destination responding to an authentication result.
22 . A data use managing system according to claim 21 ;
wherein the authentication means, when receiving from the device of the output destination of the data authentication information including information indicating the above device, and determining that the received authentication information meets a predetermined authentication rule, outputs said data to said device.
23 . A data use managing system according to claim 18 ;
wherein the use request means of the data use appliance generates the use request data including user identification information indicating a user of the data; wherein the data management appliance comprises data acquisition means for acquiring said use request data from the data use appliance, and input/output means for displaying the encrypted data identification information and the user identification information that said use request data acquired by said data acquisition means includes, and causing a user to input an instruction indicating whether or not said data use appliance is permitted to use the data; and wherein the identification information transmission means of said data management appliance transmits the encrypted data identification information and the administrator identification information to the right management means when an instruction indicating that said data use appliance is permitted to use the data has been inputted into said input/output means.
24 . A data use managing system according to claim 23 ; said data use managing system comprising attribute certificate generation means for generating an attribute certificate indicating an attribute of a user of the data responding to a request by the data use appliance:
wherein the use request means of said data use appliance generates use request data including said attribute certificate generated by said attribute certificate generation means; and wherein the input/output means of the data management appliance displays the encrypted data identification information, the user identification information, and the attribute certificate that said use request data acquired by the data acquisition means includes, and causes a user to input an instruction indicating whether or not said data use appliance is permitted to use the data.
25 . A data use managing system according to claim 18 , said data use managing system comprising a right transferee appliance comprising decryption means for decrypting the encrypted data by employing the decryption key, and use request means for generating use request data for requesting permission of a use of the data, said use request data including the encrypted data identification information, and transmitting it by near-distance wireless communication or causing display means to display said use request data:
wherein the data use appliance comprises right re-transfer means for, when having acquired the use request data from said right transferee appliance, determining whether or not to meet a re-transfer condition, being a condition that a right for using the data is transferred, input/output means for causing a user of said data use appliance to determine whether or not said right transferee appliance is permitted to use the data, and data transmission means for transmitting re-transfer authorization data including the encrypted data identification information to the right management means when said right re-transfer means determines that said re-transfer condition of the right is met, and an instruction indicating that said right transferee appliance is permitted to use the data has been inputted into said input/output means; and wherein the decryption key transmission means of said right management means, when having received said re-transfer authorization data, transmits the decryption key to said right transferee appliance.
26 . A data-use appliance, comprising:
decryption means for decrypt encrypted data by employing a decryption key; use request means for generating use request data for requesting permission of a use of the data, said use request data including encrypted data identification information, transmitting it by near-distance wireless communication or causing display means to display said use request data, and requesting an administrator of the encrypted data to use the data; right transfer means for, when having acquired the use request data from other appliances, determining whether or not to meet a transfer condition, being a condition that a right for using the data is transferred; input/output means for causing a user to determine whether or not said other appliances are permitted to use the data; and data transmission means for transmitting transfer authorization data including the encrypted data identification information to right management means for transmitting the decryption key when said right transfer means determines that said transfer condition of the right has been met, and an instruction indicating that said other appliances are permitted to use the data has been inputted into said input/output means.
27 . A data use appliance according to claim 26 , said data use appliance comprising use control means for using the data according to right definition information indicating a method of using the data.
28 . A data use appliance according to claim 26 , said data use appliance comprising:
right re-transfer means for, when having acquired the use request data from other appliances, determining whether or not to meet a re-transfer condition, being a condition that a right for using the data is transferred; input/output means for causing a user to determine whether or not said other appliances are permitted to use the data; and data transmission means for transmitting re-transfer authorization data including the encrypted data identification information to right management means for transmitting the decryption key when said right re-transfer means determines that said re-transfer condition of the right is met, and an instruction indicating that said other appliances are permitted to use the data has been inputted into said input/output means.
29 . A server, comprising:
a database in which a decryption key for decrypting encrypted data, being data that has been encrypted, encrypted data identification information for identifying the encrypted data, right definition information indicating a method of using the data, and administrator identification information indicating an administrator of the encrypted data are stored correspondingly to each other; and decryption key transmission means for, when having received the encrypted data identification information and the administrator identification information from a first mobile appliance, transmitting to a second mobile appliance the decryption key and the right definition information caused to correspond to said encrypted data identification information and administrator identification information stored in said database.
30 . A data management appliance, comprising:
data acquisition means for acquiring use request data including encrypted data identification information for identifying encrypted data and user identification information indicating a user of the data from a data use appliance for using the data, said use request data indicating a request for permitting a use of the data; and
input/output means for displaying the encrypted data identification information and the user identification information included in said acquired use request data, and causing a user to input an instruction indicating whether or not said data use appliance is permitted to use the data.
31 . A data management appliance according to claim 30 , said data management appliance comprising:
encrypted data generation means for encrypting the data, thereby to generate the encrypted data; and right definition means for generating right definition information indicating a method of using the data by the data use appliance.
32 . A data use managing method, comprising:
a use request step in which use request means generates use request data for requesting permission of a use of the data, said use request data including encrypted data identification information for identifying encrypted data, being data that has been encrypted, and transmits it by near-distance wireless communication or causes display means to display said use request data; an identification information transmission step in which identification information transmission means, when having acquired the use request data, transmits administrator identification information indicating an administrator of the encrypted data and the encrypted data identification information that said use request data includes; a decryption key transmission step in which decryption key transmission means, when having received the administrator identification information and the encrypted data identification information transmitted in the identification information transmission step, makes a reference to a database for storing a decryption key, the encrypted data identification information, and the administrator identification information correspondingly to each other, and transmits the decryption key corresponding to said received administrator identification information and encrypted data identification information; and a decryption step in which decryption means employs the decryption key transmitted in said decryption key transmitting step, thereby to decrypt the encrypted data.
33 . A program, said program causing a computer to execute:
employing a decryption key for decrypting encrypted data, being data that has been encrypted, thereby to decrypt said encrypted data; and generating use request data for requesting permission of a use of the data, said use request data including encrypted data identification information for identifying the encrypted data, transmitting it by near-distance wireless communication or causing display means to display said use request data, and requesting an administrator of the encrypted data to use the data.
34 . A program, said program causing a computer to execute:
acquiring use request data including encrypted data identification information for identifying encrypted data and user identification information indicating a user of the data from a data use appliance for using the data, said use request data indicating a request for permitting a use of the data; and displaying the encrypted data identification information and the user identification information being included in said use request data acquired in said data acquisition process in display means, and causing a user to input an instruction indicating whether or not said data use appliance is permitted to use the data into input means.
35 . A data use managing method, comprising:
a use request step in which a first data-use appliance generates use request data for requesting permission of a use of data, said use request data including encrypted data identification information for identifying encrypted data, being data that has been encrypted, and transmits it by near-distance wireless communication or causes display means to display said use request data; to an acquisition step in which a second data-use appliance receives the use request data by said near-distance wireless communication, or optically receives the use request data displayed in said display means from said first data-use appliance, thereby to acquire the above use request data; a right transfer step in which said second data-use appliance determines whether or not to meet a transfer condition, being a condition that a right for using the use-requested data is transferred; a data transmission step in which said second data-use appliance transmits transfer authorization data including administrator identification information indicating an administrator of the encrypted data and the encrypted data identification information when it is determined in said right transfer step that said transfer condition of the right has been met, and an instruction indicating that said first data-use appliance is permitted to use the data has been inputted; a decryption key transmission step in which a right management unit retrieves a decryption key caused to correspond to the administrator identification information and the encrypted data identification information being included in said received transfer authorization data from a database in which a decryption key, the encrypted data identification information, and the administrator identification information indicating an administrator of the encrypted data have been stored corresponding to each other, and transmits the retrieved decryption key to said first data-use appliance; and a decryption step in which said first data-use appliance employs said transmitted decryption key, thereby to decrypt the encrypted data.
36 . A data use managing method according to claim 35 ;
wherein said decryption key transmission step is a step of retrieving the decryption key and right definition information that correspond to the administrator identification information and the encrypted data identification information received from a data management appliance from a database in which the decryption key, the encrypted data identification information, the administrator identification information, and the right definition information indicating a method of using the data have been stored correspondingly to each other, and transmitting the retrieved decryption key and right definition information to the data-use appliance; and wherein said data-use appliance uses the data according to the use method that the received right definition information indicates.
37 . A data use managing method according to claim 36 ;
wherein said decryption key transmission step is a step of retrieving the decryption key and the right definition information corresponding to the administrator identification information and the encrypted data identification information that are included in said received transfer authorization data from a database in which the decryption key, the encrypted data identification information, the administrator identification information, and the right definition information indicating the method of using the data and an output destination have been stored correspondingly to each other, and transmitting the retrieved decryption key and right definition information to the data-use appliance; and wherein said data-use appliance outputs the data to the output destination that said right definition information indicates, according to the use method and the output destination that the received right definition information indicates.
38 . A data use managing method according to claim 37 , wherein said data-use appliance authenticates a device of the output destination of the data, and outputs the data to the device of the output destination responding to an authentication result.
39 . A data use managing method according to claim 38 , wherein authentication means, when receiving from the device of the output destination of the data authentication information including information indicating the above device, and determining that the received authentication information meets a predetermined authentication rule, outputs said data to said device.
40 . A data use managing method according to claim 35 :
Wherein the first data-use appliance generates the use request data including user identification information indicating a user of the data in the data use request step; wherein the data management appliance displays the encrypted data identification information and the user identification information that are included in said use request data acquired from the data-use appliance; and wherein the data management appliance transmits the encrypted data identification information and the administrator identification information to the right management unit when an instruction indicating that said data-use appliance is permitted to use the data has been inputted from a user.
41 . A data use managing method according to claim 40 , said use management method comprising an attribute certificate generation step of generating an attribute certificate indicating an attribute of a user of the data responding to a request by the first data-use appliance:
wherein said use request step is a step of generating the use request data including said attribute certificate generated in said attribute certificate generation step; wherein the data management appliance displays the encrypted data identification information, the user identification information, and the attribute certificate that said use request data acquired by data acquisition means includes; and wherein the data management appliance transmits the encrypted data identification information and the administrator identification information to the right management unit when an instruction indicating that said data-use appliance is permitted to use the data has been inputted from a user.
42 . A data use method, comprising:
generating use request data for requesting permission of a use of data, said use request data including encrypted data identification information for identifying encrypted data, being data that has been encrypted, transmitting it by near-distance wireless communication or causes display means to display said use request data, and requesting an administrator of the encrypted data to use the data; determining whether or not to meet a transfer condition, being a condition that a right for using the use-requested data is transferred when acquiring the use request data from other appliances; and transmitting transfer authorization data including the encrypted data identification information to a right management unit for transmitting a decryption key when it is determined in said right transfer step that said transfer condition of the right has been met, and an instruction indicating that said other appliances are permitted to use the data has been inputted from a user; and employing the decryption key transmitted from said right management unit, thereby to decrypt the encrypted data.
43 . A data use method according to claim 42 , said data use method comprising using said decrypted data according to right definition information indicating a method of using the data.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.